ALAS2-2023-2005 --- vim
ID: oval:org.secpod.oval:def:1701250 | Date: (C)2023-04-17 (M)2023-12-26 | Class: PATCH | Family: unix
A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utf_ptr2char function of the src/mbyte.c file. The flaw occurs because invalid memory is accessed when using put in Visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes the application to crash, leading to a denial of service.

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.